before_filter :admin_required, only: [:setup, :unsetup]
def current
- @object = current_user
- show
+ if current_user
+ @object = current_user
+ show
+ else
+ send_error("Not logged in", status: 401)
+ end
end
+
def system
@object = system_user
show
end
end
+ # It's not always possible for the client to know the user's
+ # username when submitting this request: the username might have
+ # been assigned automatically in create!() above. If client
+ # provided a plain repository name, prefix it with the username
+ # now that we know what it is.
+ if params[:repo_name].nil?
+ full_repo_name = nil
+ elsif @object.username.nil?
+ raise ArgumentError.
+ new("cannot setup a repository because user has no username")
+ elsif object_found and
+ params[:repo_name].start_with?("#{@object.username}/")
+ full_repo_name = params[:repo_name]
+ else
+ full_repo_name = "#{@object.username}/#{params[:repo_name]}"
+ end
+
if object_found
- @response = @object.setup_repo_vm_links params[:repo_name],
+ @response = @object.setup_repo_vm_links full_repo_name,
params[:vm_uuid], params[:openid_prefix]
else
@response = User.setup @object, params[:openid_prefix],
- params[:repo_name], params[:vm_uuid]
+ full_repo_name, params[:vm_uuid]
end
# setup succeeded. send email to user
UserNotifier.account_is_setup(@object).deliver
end
- render json: { kind: "arvados#HashList", items: @response.as_api_response(nil) }
+ send_json kind: "arvados#HashList", items: @response.as_api_response(nil)
end
# delete user agreements, vm, repository, login links; set state to inactive
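Review bot: The new branch chain treats only a missing `repo_name` as "no repository": an empty string is not `nil`, so the final `else` builds `"#{@object.username}/"`, a name with no basename, and hands it to `setup_repo_vm_links` or `User.setup`. Whether those reject it is not visible here, so I would make the first test `if params[:repo_name].blank?`. The `start_with?` call also assumes the parameter arrives as a String; `_setup_requires_parameters` declares `type: 'string'`, but if that declaration is not enforced before this point, a non-string value raises NoMethodError rather than producing a client error. Because the prefix check is gated on `object_found and`, an already-qualified name sent for a newly created user appears to get the username prefixed a second time; if that is not intended, drop the `object_found` condition. The `setup` method starts above this hunk, so the `create!()` the comment refers to is not shown.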
def self._setup_requires_parameters
{
- send_notification_email: { type: 'boolean', required: true },
+ user: {
+ type: 'object', required: false
+ },
+ openid_prefix: {
+ type: 'string', required: false
+ },
+ repo_name: {
+ type: 'string', required: false
+ },
+ vm_uuid: {
+ type: 'string', required: false
+ },
+ send_notification_email: {
+ type: 'boolean', required: false, default: false
+ },
}
end
+ def apply_filters(model_class=nil)
+ return super if @read_users.any?(&:is_admin)
+ if params[:uuid] != current_user.andand.uuid
+ # Non-admin index/show returns very basic information about readable users.
+ safe_attrs = ["uuid", "is_active", "email", "first_name", "last_name"]
+ if @select
+ @select = @select & safe_attrs
+ else
+ @select = safe_attrs
+ end
+ @filters += [['is_active', '=', true]]
+ end
+ super
+ end
end
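Review bot: The guard `if params[:uuid] != current_user.andand.uuid` fails open when both sides are nil: on a request with no `uuid` parameter and no `current_user`, `nil != nil` is false, so neither the `safe_attrs` restriction nor the `is_active` filter is applied before `super`. Whether such a request can reach `apply_filters` depends on filters outside this hunk, but the `andand` suggests a nil `current_user` is expected, so I would write the condition as `if current_user.nil? || params[:uuid] != current_user.uuid`. Also confirm what an empty `@select` means downstream: a client that asks only for attributes outside `safe_attrs` leaves `@select & safe_attrs` as `[]`, and if that is treated as "no selection" the full record would be returned.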